Initial setup

Add a DNS alias for your virtual nginx web site (outside of the scope of this blog post). The examples below assume that apt.mydomain.com is the DNS alias.

Install the required software: logged in as root, give the following command:

apt-get install gnupg pinentry-curses nginx aptly

Logged in as your regular user, do the following:

Create a gpg key.

Note! It is a good idea to do the key generation when logged into a Debian desktop and move the mouse about during generation, to get good random values for the key generation.

Give the following command at the command line:

gpg --full-generate-key

At the prompt for key type, just press ENTER to select the default (RSA and RSA)

At the prompt for key size, type “4096” (without the quotes) and press ENTER

At the prompt for how long the key should be valid, type “0” without the quotes and press ENTER

At the prompt for “Real name”, type your real name and press ENTER

At the prompt for “Email address”, type your email address and press ENTER

At the prompt for “Comment”, type the host name of your archive web server, e.g. “apt.mydomain.com” and press ENTER
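
The same answers as the prompts above (RSA and RSA, 4096 bits, no expiry, host name as comment) can also be given to gpg as an unattended parameter file, followed by a check that the resulting key has those properties. This is an added example, not part of the original post; the function names, the `--generate` switch and the name and e-mail placeholders are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post). Name and e-mail are placeholders.

# Write a GnuPG unattended key-generation parameter file with the same answers
# as the interactive prompts. Key-Usage/Subkey-Usage reproduce the "RSA and RSA"
# default: a signing primary key plus an encryption subkey.
write_key_params() (   # usage: write_key_params FILE NAME EMAIL COMMENT
    umask 077          # subshell body: the umask change stays local
    cat > "$1" <<EOF
Key-Type: RSA
Key-Length: 4096
Key-Usage: sign
Subkey-Type: RSA
Subkey-Length: 4096
Subkey-Usage: encrypt
Name-Real: $2
Name-Email: $3
Name-Comment: $4
Expire-Date: 0
%commit
EOF
)

# Read "gpg --list-keys --with-colons" output on stdin; succeed only if the
# first primary key is RSA (algorithm 1), 4096 bits, with an empty expiry field.
check_pub_record() {
    awk -F: '$1 == "pub" { found = 1; ok = ($3 == 4096 && $4 == 1 && $7 == ""); exit }
             END { exit !(found && ok) }'
}

# Run with --generate to create the key; gpg-agent asks for the passphrase
# through pinentry because the file sets neither Passphrase nor %no-protection.
if [ "${1:-}" = "--generate" ]; then
    params=$(mktemp)
    write_key_params "$params" "Your Name" "you@example.com" "apt.mydomain.com"
    gpg --batch --generate-key "$params"
    rm -f "$params"
    gpg --list-keys --with-colons "you@example.com" | check_pub_record &&
        echo "primary key is RSA 4096 with no expiry"
fi
```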

Configure an architecture in the archive: open the ~/.aptly.conf file in a text editor, and change the line

"architectures": [],

to

"architectures": ["amd64"],

Note! Without a concrete architecture in place, aptly refuses to publish. So add an architecture here, even if you are going to publish packages with architecture “all” (e.g. Java, Python, shell script). In the example I’m using “amd64” which, despite its name, is appropriate for modern 64-bit Intel chips (i5 or i7 of various generations).

Note! If you get a timeout error instead of a prompt for the GPG key passphrase, and you’re logged in remotely to the server, the reason could be that gpg tries to open a GUI pinentry tool. Switch to explicitly using a curses-based pinentry and try the “aptly publish” command again. Run the command:

update-alternatives --config pinentry

and select “pinentry-curses” in “Manual mode”.

Log in as root and do the following:

Create a root directory for a new web server and copy in the public key used to sign the published archive:

mkdir -p /var/www-apt
cp /home/steinar/apt_pub.gpg /var/www-apt/

In a text editor, create the file /etc/nginx/sites-available/apt with the following content